中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:21 小时前 重新扫描
20 /100
upkeep
UpKeep integration — manage data, records, and automate workflows via the Membrane CLI
This is a single-file documentation skill for UpKeep API integration using the Membrane CLI; it uses only standard documented shell commands with no hidden functionality, credential access, or obfuscation.
技能名称upkeep
分析耗时41.8s
引擎pi
可以安装
No blocking action needed. The skill is a legitimate API integration wrapper. Optionally improve the frontmatter metadata to declare filesystem:WRITE (npm install) and shell:WRITE (membrane CLI invocations) for full transparency.

安全发现 3 项

严重性 安全发现 位置
低危
Frontmatter capability declaration incomplete 文档欺骗
The SKILL.md frontmatter declares no resources, yet the skill's shell commands (npm install, membrane CLI invocations) imply filesystem:WRITE and shell:WRITE usage. This is a minor documentation gap — the behavior IS described in the markdown body, just not in the structured metadata.
No `permissions` or `allowed-tools` block in frontmatter
→ Add a permissions section to frontmatter explicitly declaring filesystem:WRITE and shell:WRITE for the npm install and membrane CLI operations.
 SKILL.md:1
低危
Unpinned npm package reference 供应链
The install command uses @latest tag for @membranehq/cli, which means the version fetched could change between uses. While not inherently malicious, this introduces supply chain variability.
npm install -g @membranehq/cli
→ Pin to a specific version (e.g., npm install -g @membranehq/[email protected]) or recommend checking the current stable version.
 SKILL.md:38
低危
Generic proxy request allows arbitrary API paths 权限提升
The 'membrane request CONNECTION_ID /path/to/endpoint' command passes arbitrary URL paths to the Membrane proxy, which appends the base URL. While the Membrane proxy adds authentication headers transparently, the broad scope of arbitrary endpoint access is a wide-open network capability.
membrane request CONNECTION_ID /path/to/endpoint
→ Document which UpKeep API endpoints are commonly used, and advise that broad arbitrary path access should be reviewed against the principle of least privilege.
 SKILL.md:60
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 SKILL.md:38 — npm install -g @membranehq/cli writes to the global npm directory
命令执行 NONE WRITE ✓ 一致 SKILL.md:42-80 — multiple membrane CLI subcommands (login, connect, action run, …
网络访问 NONE READ ✓ 一致 SKILL.md:60-74 — 'membrane request' and 'membrane action run' make HTTP API call…
2 项发现
🔗
中危 外部 URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
中危 外部 URL 外部 URL
https://upkeep.zendesk.com/hc/en-us/categories/200475778-API
SKILL.md:19

目录结构

1 文件 · 4.5 KB · 136 行
Markdown 1f · 136L
└─ 📝 SKILL.md Markdown 136L · 4.5 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@membranehq/cli latest (unpinned) npm External third-party CLI with no pinned version; trust based on vendor reputation only

安全亮点

✓ No code or scripts present — skill is purely documentation
✓ No credential harvesting or environment variable iteration
✓ No obfuscation (base64, eval, packing) or anti-analysis patterns
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration or C2 communication patterns
✓ No reverse shell, RCE, or remote execution without user interaction
✓ All shell commands are documented in the markdown body
✓ Credential management is explicitly delegated to the Membrane service (no local secrets)
✓ API proxy routing is declared and follows a documented CLI interface